Hi!
On Sat, 08 Jan 2005 20:43:18 +0100, SteveKing <steveking@gmx.ch> wrote:
> Max Bowsher wrote:
> > SteveKing wrote:
> >> Ok, that's your opinion. Other users disagree with that, and I do too.
> >> If I were responsible for a Subversion server and I knew that there are
> >> client versions around which have either security bugs or other bugs
> >> which could harm the server, I'd like to be able to reject those
> >> clients. Sure, you could mail all the users and tell them to upgrade
> >> their clients, but you'll discover soon that most of them just don't do
> >> it.
> >
> > How can a bug in the client harm the server?
>
> Very simple. Just have a look at all the svn_client_* functions. Example:
> svn_client_propset()
> "If propname is an svn-controlled property (i.e. prefixed with
> SVN_PROP_PREFIX), then the caller is responsible for ensuring that the
> value is UTF8-encoded and uses LF line-endings."
>
> Just think of a client which has a bug and doesn't properly UTF8 encode
> and/or check the lineendings before calling that function. Then you'll
> end up with unwanted data in the repository which other clients don't
> understand anymore.
It's a bug in the server if it accepts data which should be utf-8
encoded, but is not. The docstring tells you the libraries rely on the
client to do the UTF-8 encoding. It's up to the server to check. Next
to that, it's Subversion protocol documentation.
bye,
Erik.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Jan 8 21:04:42 2005